Epic Android bug interprets your typing as system commands

[RCuber]

The philosophy goes something like this: the great thing about Linux is that it's secure, and the great thing about open-source software is that it's thoroughly and constantly vetted for robustness. So to that end, Android should be pretty rock solid, right? Perhaps, but the overwhelming enormity of this particular bug definitely gives us pause. It turns out that G1 firmware revisions RC29 and earlier literally interpret everything you type as command-line operations, so if you happen across a legit command, it's going to get executed -- with superuser permissions, no less. No, seriously. Just go to the messaging app, the browser, or anywhere else a text box is convenient, type "reboot," press the enter key, and watch magic happen. We've tested this on two G1s, both with RC29 firmware, and have gotten this to consistently work on one of the two, so your mileage may vary -- but either way, this needed to get patched on the double. Fortunately, Google's been quick about it, rolling a fix into the RC30 build that's being rapidly pushed to users as we speak, but man... how did that get through?

Via : Engadget

 

[NucleusKore]

This is a good one

*s269.photobucket.com/albums/jj44/visio159/Unismilies/44large.png

 

[a_k_s_h_a_y]

Epic !

 

[apoorva84]

yeah..read this at engadget yesterday...

 

[krazzy]

So suppose I own a G1 and I'm browsing a forum on it's web browser and I type "Android Rocks!!!" in my post and press Enter, will the phone, say, flash it's lights and blow a bugle from it's speaker?

 

[Pat]

Read this on engadget. Heres the funny part:

In the bug report (issue 1207) jdhorvat writes:

Funny story behind finding this:

I was in the middle of a text conversation with my girl when she asked why I hadn’t responded. I had just rebooted my phone and the first thing I typed was a response to her text which simply stated “Reboot” - which, to my surprise, rebooted my phone.

 

[chandru.in]

Yuck!

 

[ratedrsuperstar]

^^lolz.

 

[abhinav_bipnesh]

nice caught so much intelligence

 

[gary4gar]

Being a open source, A fix already out
this is more like a silly mistake than a bug. Its funny!

And the Fix was to Comment line of init.rc file

 

[red_devil]

but where were the testers ??? don't people test out for these kinds of errors before releasing something of this magnitude ??

 

[chandru.in]

Being a open source, A fix already out
this is more like a silly mistake than a bug. Its funny!

And the Fix was to Comment line of init.rc file

Can you provide some source for this?

 

[Faun]

reboot

 

[RCuber]

he he, what if someone asks one to type rm -rf / and press enter over a chat ... disaster

PS: Please dont try this command anywhere.

 

[amitava82]

Can you provide some source for this?

why not check source code of Android since you guys like source codes.

Hmm lemme see, Android, I command you: reboot . Nope nothing. rm -rf /

Damn, does not do anything

Oh wait a sec, I already received OTA update..

*Posted from Android.

 

[IronManForever]

whoa.. I just love bugs..

 

[chandru.in]

why not check source code of Android since you guys like source codes.

If I could understand an Mobile OS's code base why will I waste time on replying here??

The only App whose source code I could understand is Ark (KDE 3.5.x version).

 

[RCuber]

why not check source code of Android since you guys like source codes.

Hmm lemme see, Android, I command you: reboot . Nope nothing. rm -rf /

Damn, does not do anything

Oh wait a sec, I already received OTA update..

*Posted from Android.

I knew you would reply here

 

[Faun]

hahaha

 

[amitava82]